Hi Terry,
> > > but which lines reject the words Rocks, May or Sucks?
> >
> > Line 34.
>
> I can see that 'May' appears in that line, but where is Rocks or
> Sucks?
It isn't there. I gave ‘Theresa May Sucks’ as an example of a password
which would be blacklisted.
> > > Are there separate lines to cover Caesar, Augustus or Theresa?
> >
> > Line 35.
>
> I can't see any of those words in line 35. Are you saying that any
> part of those words will match?
No, I'm saying ‘Augustus’ would be matched by the month of ‘august’.
> > The regexp is a blacklist of what sequences of characters mustn't
> > occur anywhere in the password. It doesn't make use of word
> > boundaries, which could be considered another bug.
>
> Yes. I understand that, but any of those words concatenated together
> with other unrelated words would be Quite hard to detect.
It blacklists the character sequence ‘august’ without caring what other
characters it catenates with, e.g. ‘us’.
> > > So most people would give up and use something simple like
> > > 'mypassword'.
> > >
> > > That should work except this regexp is probably augmented by other
> > > checks like a minimum length.
>
> They don't mention that.
(Thunderbird's quoting went awry there.
My text has three ‘>’ instead of two.)
They said:
There is a problem
* Password must comply with regex:
The failure triggered an error message about the failure. It makes no
mention whether there are other checks. The regexp does not blacklist
the passwords ‘’, ‘ ’, or ‘x’.
Here's a password which isn't blacklisted. And it's probably long
enough. If it works, then you can hopefully change it later.
n4abrjFnNEmBja4TqB64M4AQLMQ47MT34
--
Cheers, Ralph.
--
Next meeting: Online, Jitsi, Tuesday, 2024-11-12 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... https://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
